Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates
When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit Update
The CG6Service service in CyberGhost exposes the SetPeLauncherState method, which allows a user to have a debugger launched automatically for a chosen process.
This update fixes a minor bug.
Adobe ColdFusion Java JMX-RMI Remote Code Execution Exploit
Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
VX Search Enterprise POST Buffer Overflow Exploit
VX Search Enterprise is prone to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring.
Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Exploit
The application allows an attacker to specify the server used to perform authentication. That server also allows attacker-controlled SQL to be executed directly against the database.
Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Exploit
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
EFS Chat Server POST Buffer Overflow Exploit
The Username parameter of the registration page 'register.ghp' is prone to a stack-based buffer overflow vulnerability.
Apache Tomcat readonly Initialisation Parameter JSP Remote Code Execution Exploit
Apache Tomcat allows unauthenticated users to upload JSP files via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false.
SyncBreeze POST Username Buffer Overflow Exploit
The vulnerability is a buffer overflow when parsing a POST request with a crafted username.
ATutor AContent ims_import.php Zip File Upload Directory Traversal PHP Remote Code Execution Exploit
This module exploits a zip file upload directory traversal in ATutor AContent to install an agent.
NOCVE-9999-95359 | Exploits/Remote File Inclusion/Known Vulnerabilities
PCMan FTP Server USER Command Buffer Overflow Exploit Update
PCMan's FTP Server is prone to a buffer overflow when handling an overly long USER command. This update improves the exploit's reliability.
This update also fixes several unrelated issues in the exploit component.
CVE-2011-1907 | Exploits/Remote | Linux, Windows, Solaris, AIX
Microsoft NET Framework SOAP WSDL Parser Code Injection CVE-2017-8759
A code injection vulnerability (CVE-2017-8759) exists in the SOAP WSDL parser of the Microsoft .NET Framework.
Schneider Electric U.motion Builder file_picker.php Directory Traversal Arbitrary File Upload Remote Code Execution Exploit
This module exploits a directory traversal arbitrary file upload in Schneider Electric U.Motion Builder to install an agent.
NOCVE-9999-95622 | Exploits/Remote File Inclusion/Known Vulnerabilities
MS17-010 Detector update
This update fixes an issue in how the vulnerability is reported.
Apache Struts 2 REST Plugin XStream Exploit
This module exploits a Java deserialization bug in the Apache Struts REST plugin's XStreamHandler, which allows remote code execution.
CVE-2017-9805 | Exploits/OS Command Injection/Known Vulnerabilities | Linux
Delta Industrial Automation WPLSoft File Parsing Buffer Overflow Exploit
The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Fuji Electric Monitouch V-SFT Project File Buffer Overflow Exploit
The specific flaw exists within the parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
OrientDB Remote Command Execution Exploit
This module exploits a privilege escalation vulnerability in OrientDB by abusing SQL queries against OUser/ORole without the required privileges, which leads to code execution.
CVE-2017-11467 | Exploits/OS Command Injection/Known Vulnerabilities | Linux
RAT Gh0st Controller Server Buffer Overflow Exploit
This module exploits a buffer overflow in the Gh0st Controller Server when handling a drive list.
Eaton ELCSoft EPC File Buffer Overflow Exploit
The specific flaw exists within the processing of EPC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer.
Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Exploit
The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
Advantech WebOP Designer Project File Heap Buffer Overflow Remote Code Execution Exploit
The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process.
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit
NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D, where a value passed from a user to the driver is used without validation, leading to escalation of privileges.
Fuji Electric V Server VPR File Parsing Memory Corruption Exploit
The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Apache Struts 2 ActionMessage Remote Code Execution Exploit
This module exploits a vulnerability in Apache Struts 2. The specific vulnerability relies on the Struts 1 plugin, which might allow remote attackers to execute arbitrary code via a malicious field value passed in a raw message to the ActionMessage.
Hewlett Packard Enterprise IMC PLAT dbman Command Injection Exploit
HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands in the context of system.
Microsoft Windows LNK Shortcut Automatic File Execution Exploit (CVE-2017-8464)
This vulnerability allows arbitrary code execution via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. Also known as "LNK Remote Code Execution Vulnerability."
CMS Made Simple editusertag.php Remote OS Command Injection Exploit
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions.
Linux Kernel UFO Memory Corruption Privilege Escalation Exploit
This module exploits a memory corruption vulnerability in the Linux kernel. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append data. However, between two send() calls the append path can be switched from UFO to a non-UFO one, which leads to a memory corruption that can be used by an attacker to escalate privileges.
WARNING: This is an early release module and is not the final version. It is a pre-release version, delivered as quickly as possible so that customers can use it in situations where it is helpful. Since this module is not the final version, it may contain bugs or have limited functionality, and its documentation may be incomplete or inaccurate.